December 8, 2023

According to Microsoft, administrators can preempt attacks exploiting CVE-2022-30190 by disabling the MSDT protocol. This stops malicious actors from launching troubleshooters and from executing code on vulnerable systems.

The process for disabling the MSDT URL protocol on a Windows device is as follows:

  1. Run Command Prompt as an Administrator.
  2. To create a backup of the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg
  3. Then, execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f
Advertisements

Once Microsoft issues a CVE-2022-30190 patch, administrators can undo the workaround by launching an elevated command prompt and executing the reg import ms-msdt.reg command

Though Microsoft notes that the Microsoft Office Protected View and Application Guard can block CVE-2022-30190 attacks, analysts discovered that the security feature does not block exploitation attempts if targets preview the malicious content in Windows Explorer.

It is advised that admins disable the Preview pane in Windows Explorer in order to remove the attack vector.

Tags:

1 thought on “Follina Mitigation Details Emerges

  1. Pingback: Chinese APT exploits Follina - TheCyberThrone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Meta enables Messenger with E2EE by Default

December 8, 2023

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023
%d